Summary
This host is missing important security update according to Microsoft Bulletin MS99-033.
Impact
Successful exploitation will allows remote users to crash the application leading to denial of service condition or execute arbitrary code.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://technet.microsoft.com/en-us/security/bulletin/ms99-033
Insight
The FTP service in IIS has an unchecked buffer in a component that processes 'list' commands. A constructed 'list' request could cause arbitrary code to execute on the server via a classic buffer overrun technique.
Affected
Microsoft Internet Information Services version 3.0 and 4.0
References
Severity
Classification
-
CVE CVE-1999-0349 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
- Cumulative Security Update for Internet Explorer (956390)
- Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
- ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)